Additional Materials:

Contact:

What GAO Found

Department of Homeland Security (DHS) components have developed models to assess the risks of foreign ports and cargo, but not all components have applied risk management principles to assess whether maritime security programs cover the riskiest ports. The U.S. Coast Guard uses its risk model to inform operational decisions for its International Port Security (IPS) program and annually updates its assessment. In contrast, U.S. Customs and Border Protection (CBP) has not regularly assessed ports for risks to cargo under its Container Security Initiative (CSI) program. CBP's selection of the initial 23 CSI ports was primarily based on the volume of U.S.-bound containers, but beginning in 2003, CBP considered more threat information when it expanded the number of CSI ports. CBP has not assessed the risk posed by foreign ports that ship cargo to the United States for its CSI program since 2005. In 2009, CBP developed a model that ranked 356 potential expansion ports for a related program on the basis of risk, but it was never implemented because of budget cuts. By applying CBP's risk model to fiscal year 2012 cargo shipment data, GAO found that CSI did not have a presence at about half of the ports CBP considered high risk, and about one fifth of the existing CSI ports were at lower risk locations. Since the CSI program depends on cooperation from sovereign host countries, there are challenges to implementing CSI in new foreign locations, and CBP's negotiations with other countries have not always succeeded. For example, CBP officials said it is difficult to close CSI ports and open new ports because removing CSI from a country might negatively affect U.S. relations with the host government. However, periodically assessing the risk level of cargo shipped from foreign ports and using the results to inform any future expansion of CSI to additional locations, as well as determine whether changes need to be made to existing CSI ports, would help ensure that CBP is allocating its resources to provide the greatest possible coverage of high-risk cargo to best mitigate the risk of importing weapons of mass destruction (WMD) or other terrorist contraband into the United States through the maritime supply chain.

DHS has taken steps to improve the efficiency and effectiveness of its maritime security programs, but faces host country political and legal constraints. The Coast Guard has implemented a risk-informed model that prioritizes the countries to visit and assist. Also, the Coast Guard and CBP have made arrangements with foreign government entities to mutually recognize inspections of each other's ports and maritime supply chains through the IPS and Customs-Trade Partnership Against Terrorism (C-TPAT) programs. CBP has also utilized technological improvements to target some U.S.-bound cargo shipments remotely from the United States to reduce CSI staff in foreign countries. However, CBP faces political and legal constraints in host countries. For example, according to CBP and government officials in one country, a national law precludes the transmission of electronic scanned images other than to host government Customs officials. As a result, CSI officials must be present at each CSI port in that country to view the scanned images. Further, in some ports, CBP has made efforts to expand the scope of its CSI targeting to include contraband other than WMD, but that is subject to approval by the host governments.

Why GAO Did This Study

Foreign ports and the cargo carried by vessels from these ports are critical to the U.S. economy, but can be exploited by terrorists. Within DHS, CBP and the Coast Guard are responsible for maritime security. Through CSI, CBP identifies and examines U.S.-bound cargo that may conceal WMD, and through C-TPAT, CBP partners with international trade community members to secure the flow of U.S.-bound goods. Under the IPS program, Coast Guard officials visit foreign ports to assess compliance with security standards. GAO was asked to review DHS's maritime security programs. This report addresses (1) the extent to which DHS has assessed the foreign ports that pose the greatest risk to the global supply chain and focused its maritime container security programs to address those risks, and (2) actions DHS has taken to help ensure the efficiency and effectiveness of its maritime security programs. GAO analyzed DHS risk models and maritime security program strategies, met with program officials, and visited six foreign countries selected on the basis of participation in CSI, varied cargo shipment risk levels, and other factors.

What GAO Recommends

GAO recommends that CBP periodically assess the supply chain security risks from foreign ports that ship cargo to the United States and use the results to inform any future expansion of CSI and determine whether changes need to be made to existing CSI ports. DHS concurred with GAO's recommendation.

For more information, contact Stephen Caldwell at (202) 512-9610 or caldwells@gao.gov.

Recommendations for Executive Action

Status: Open

Comments: In February 2015, CBP officials told us its Office of Field Operations (OFO) plans to utilize two data sources for conducting periodic assessments of the supply chain security risks from all ports that ship cargo to the United States. First, OFO is to complete a foreign port risk assessment by using an existing country risk assessment developed by a third party for another CBP office. In addition, the CBP Office of Intelligence and Investigative Liaison (OIIL) is in the process of developing a World Risk Matrix, and OFO officials have requested that OIIL include them in developing the methodology for the matrix. OFO officials stated that they will use both the existing country risk assessment and the forthcoming World Risk Matrix to compile a final risk assessment of all foreign ports that ship cargo to the United States. CBP plans to complete these steps by the end of December 2015. We will continue to monitor CBP's progress in implementing this recommendation and check in with the CBP liaison again in late 2015.

Recommendation: To better ensure the effectiveness of the CSI program, the Secretary of Homeland Security should direct the Commissioner of U.S. Customs and Border Protection to periodically assess the supply chain security risks from all foreign ports that ship cargo to the United States and use the results of these risk assessments to inform any future expansion of CSI to additional locations.

Agency Affected: Department of Homeland Security

Status: Open

Comments: In February 2015, CBP officials told us its Office of Field Operations (OFO) plans to utilize two data sources for conducting periodic assessments of the supply chain security risks from all ports that ship cargo to the United States. First, OFO is to complete a foreign port risk assessment by using an existing country risk assessment developed by a third party for another CBP office. In addition, the CBP Office of Intelligence and Investigative Liaison (OIIL) is in the process of developing a World Risk Matrix, and OFO officials have requested that OIIL include them in developing the methodology for the matrix. OFO officials stated that they will use both the existing country risk assessment and the forthcoming World Risk Matrix to compile a final risk assessment of all foreign ports that ship cargo to the United States. CBP plans to complete these steps by the end of December 2015. We will continue to monitor CBP's progress in implementing this recommendation and check in with the CBP liaison again in late 2015.

Recommendation: To better ensure the effectiveness of the CSI program, the Secretary of Homeland Security should direct the Commissioner of U.S. Customs and Border Protection to periodically assess the supply chain security risks from all foreign ports that ship cargo to the United States and use the results of these risk assessments to determine whether changes need to be made to existing CSI ports and make adjustments as appropriate and feasible.